Remote access exploitation emerged as a significant threat in 2024, as attackers increasingly target tools like VPNs and RDP, often exploiting poor access controls and outdated software. A recent article by Netskope highlighted the importance of securing remote access solutions in the age of hybrid work. Key measures include implementing multi-factor authentication, ensuring proper configurations, and keeping software up to date. Additionally, proactive monitoring and a strong incident response plan are vital to strengthening defenses against this growing attack vector. Read the full article here: https://bit.ly/42yUPOA
Infosecurity Magazine’s Post
-
SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory traversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2
Ricardo_Bot https://lnkd.in/gfy7Csbj
-
Operating System fingerprinting or TCP/IP fingerprinting is the process of determining the identity of the target operating system. OS fingerprinting works by sending TCP packets to one or more ports on the target and then analyzing how the host TCP stack responds. There are two types of OS fingerprinting: active and passive. Passive OS fingerprinting: Identifies the remote OS with packets that are received, without sending any packets. For example: analyzing traffic that we have already captured. Tools like "p0f" use this type of fingerprinting. With "p0f" we can get the following information from hosts on a network without sending a single packet: (Host Uptime - Operating System/Software - TTL [Distance from our current host] - User-Agent - etc...). Active OS fingerprinting: Sends packets and waits for a response (or lack of one). Active OS fingerprinting sometimes sends unexpected packets because different implementations respond differently to such errors. NMAP (Network Mapper) can do this type of fingerprinting automatically using the (-O) flag. It's important to know that NMAP doesn't return a result that is 100% accurate (for example if a firewall blocks the communications and alters the results in the process). In these cases NMAP will return a list of all possible OSes. Thanks for reading 😊 #cyber_security #penetration_testing #networking #blue_team
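The passive technique described in the post above, as an added example that is not part of the original post: it reads the TTL, DF bit, window size and TCP option layout from an already-captured SYN and estimates the sender's hop distance and OS family, which is useful for inventorying hosts from existing captures. The function names, the two-entry signature table (a simplification, not p0f's database) and the sample packets are assumptions constructed for illustration.

```python
import struct

OPT_NAMES = {1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}  # TCP option kinds
# Simplified illustrative signatures (an assumption, not p0f's database):
# (estimated initial TTL, SYN option layout) -> OS family.
SIGNATURES = {(64, "mss,sok,ts,nop,ws"): "Linux-like",
              (128, "mss,nop,ws,nop,nop,sok"): "Windows-like"}

def parse_syn(pkt: bytes) -> dict:
    """Pull fingerprint fields out of one captured IPv4 packet carrying a TCP SYN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(tcp) < 20 or (tcp[13] & 0x12) != 0x02:
        raise ValueError("not a bare SYN")
    data_off, opts, i = (tcp[12] >> 4) * 4, [], 20
    while i < min(data_off, len(tcp)) and tcp[i] != 0:  # kind 0 ends the list
        kind = tcp[i]
        opts.append(OPT_NAMES.get(kind, f"?{kind}"))
        size = 1 if kind == 1 else (tcp[i + 1] if i + 1 < len(tcp) else 0)
        if kind != 1 and size < 2:
            break                                       # malformed length: stop here
        i += size
    return {"ttl": pkt[8], "df": bool(pkt[6] & 0x40),
            "window": struct.unpack("!H", tcp[14:16])[0], "options": ",".join(opts)}

def fingerprint(pkt: bytes) -> dict:
    """Estimate initial TTL, hop distance and OS family without sending anything."""
    f = parse_syn(pkt)
    initial = next(t for t in (32, 64, 128, 255) if f["ttl"] <= t)
    f["distance"] = initial - f["ttl"]
    f["guess"] = SIGNATURES.get((initial, f["options"]), "unknown")
    return f

def sample_syn(ttl: int, window: int, opts: bytes) -> bytes:
    """Constructed sample packet (documentation addresses, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      ((20 + len(opts)) // 4) << 4, 0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return ip + tcp

LINUX_OPTS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
WINDOWS_OPTS = bytes.fromhex("020405b4" "01" "030308" "0101" "0402")

if __name__ == "__main__":
    for pkt in (sample_syn(57, 64240, LINUX_OPTS), sample_syn(128, 8192, WINDOWS_OPTS)):
        print(fingerprint(pkt))
```

A real deployment would feed `parse_syn` from a capture file and use a maintained signature set; the TTL rounding misjudges hosts that are more hops away than the gap between two candidate initial values.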
-
As computer hackers grow more inventive, it's important to remember that not everything can be prevented. However, you can ensure that you have a robust backup and disaster recovery plan in place. Do yourself a favor and verify that you have adequate protection. https://lnkd.in/gJvqU-DK
-
Team82 found 79% of organizations have more than two non-enterprise-grade tools installed on OT network devices. These tools lack basic privileged access management capabilities such as session recording, auditing, role-based access controls, and even basic security features such as multi-factor authentication (MFA).
-
🔐 Claroty xDome Secure Access caters to the operational, administrative, and security needs associated with #RemoteAccess in #OT environments. By centrally managing third-party remote users, Claroty xDome #SecureAccess simplifies the remote access process, mitigating risks associated with unmanaged and uncontrolled access. ⚙️ Learn more: https://bit.ly/4fJ6Ep3
-
How can you implement a Zero Trust model in your organization?
◎ Strong Identity Verification: Authenticate access to apps, services, and resources, starting with sensitive ones. Use robust identity and access management (IAM) solutions.
◎ Manage Device and Network Access: Control who can connect to your network and devices. Implement Zero Trust Network Access (ZTNA) solutions.
◎ Improve App Visibility: Understand how apps interact within your environment. Monitor and assess their behavior.
◎ Set Data Permissions: Limit access based on roles and responsibilities. Apply the principle of least privilege.
◎ Monitor Infrastructure: Continuously monitor for anomalies and potential threats. Use tools to detect and respond to suspicious activity.
-
Sygnia's #incidentresponse team has identified that CVE-2024-20399 was exploited in the wild by a China-nexus #threatgroup as a ‘zero-day’ and shared the details of the vulnerability with Cisco.
➡ What are our recommended mitigation strategies?
⏺ Restrict administrative access
⏺ Use central authentication, authorization, and accounting management for users (AAA)
⏺ Enforce a strong password policy and maintain good password hygiene
⏺ Restrict outbound internet access for devices
⏺ Implement regular patch management and vulnerability management practices
Read the full details here: https://lnkd.in/gzqVeJNf
-